
Nasty Instagram vulnerability could have given hackers the keys to the kingdom


After auditing the security of Instagram's apps for Android and iOS, security researchers from Check Point have discovered a critical vulnerability that could be used to perform remote code execution on a victim's smartphone.

The security firm began its investigation into the popular social media app with the aim of examining the 3rd party projects it uses. Software developers of all sizes use open source projects in their software to save time and money. During its security audit of Instagram's apps, Check Point found a vulnerability in the way that the service uses the open source project Mozjpeg as its JPEG format decoder for uploading images.

The vulnerability was discovered by fuzzing the open source project. For those unaware, fuzzing involves deliberately placing or injecting garbled data into a specific application or program. If the software fails to properly handle the unexpected data, developers can then identify potential security weaknesses and address them before users are put at risk.

To exploit the vulnerability in Instagram's mobile apps, an attacker would only need to send a potential victim a single malicious image via email or social media. If this picture is then saved to a user's device, it would trigger the exploitation of the vulnerability once the victim opens the app, which would then give an attacker full access to their device for remote takeover.

Remote code execution vulnerability

The vulnerability discovered by Check Point's researchers gives an attacker full control over a user's Instagram app, which would allow them to read direct messages, delete or post photos, or change a user's account profile details. However, since Instagram has extensive permissions on a user's device, the vulnerability could be used to access their contents, location data, camera and any files stored on their device.

Upon their discovery, the firm's researchers responsibly disclosed their findings to Facebook, and the social media giant then described the vulnerability, tracked as CVE-2020-1895, as an Integer Overflow leading to Heap Buffer Overflow. Facebook then issued a patch to address the vulnerability, while Check Point waited six months to publish a blog post on its discovery.
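The bug class named above, integer overflow leading to heap buffer overflow, is shown here as an added illustration for image-buffer sizing; it is not Instagram's or Mozjpeg's code. The function names, the 4-channel limit and the 256 MiB cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for a decoded image (hypothetical value). */
#define MAX_IMAGE_BYTES ((uint64_t)256 * 1024 * 1024)

/* Weak form: the 32-bit product wraps modulo 2^32, so attacker-chosen
 * dimensions from a file header can yield a tiny (or zero) size that the
 * decoder then writes far past. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t channels) {
    return width * height * channels;
}

/* Hardened form: widen before multiplying and reject anything over the cap.
 * Returns 0 and stores the byte count on success, -1 on rejection. */
int checked_size(uint32_t width, uint32_t height, uint32_t channels,
                 size_t *out) {
    if (width == 0 || height == 0 || channels == 0 || channels > 4)
        return -1;
    uint64_t pixels = (uint64_t)width * height;   /* cannot overflow 64 bits */
    if (pixels > MAX_IMAGE_BYTES / channels)
        return -1;
    *out = (size_t)(pixels * channels);
    return 0;
}

/* Allocate a pixel buffer only when the size calculation is trustworthy. */
uint8_t *alloc_image(uint32_t width, uint32_t height, uint32_t channels) {
    size_t bytes;
    if (checked_size(width, height, channels, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void) {
    /* Constructed dimensions, as a malformed header might declare them. */
    uint32_t w = 65536u, h = 65537u, ch = 1u;
    size_t bytes = 0;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(w, h, ch));
    printf("checked result: %d\n", checked_size(w, h, ch, &bytes));
    return 0;
}
```
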

Head of cyber research at Check Point, Yaniv Balmas provided further insight on the potential dangers of using 3rd party code, saying:

“This research has two main takeaways. First, 3rd party code libraries can be a serious threat. We strongly urge developers of software applications to vet the 3rd party code libraries they use to build their application infrastructures and make sure their integration is done properly. 3rd party code is used in practically every single application out there, and it's very easy to miss out on serious threats embedded in it. Today it's Instagram, tomorrow – who knows?”

Via SecurityInformed.com

Date

28 Sep 2020
